4-D - Building an IA Function From The Ground-Up

Building an Internal Audit
Function From the Ground Up
Presented By:

Sam Capuano - Manager Internal Audit, Sunmark FCU

John Gallagher - Director Internal Audit, SEFCU

Barry Lucas - Internal Auditor, Desco FCU (Ohio)
ACUIA Annual Conference June 2013
1







Introductions
What is Internal Audit?
Where Do I Start?
Who Should I Interact With?
What Do I Audit?
What and How Do I Report?
With Whom Do I Meet and When?
ACUIA Annual Conference June 2013
2

Sam Capuano - Manager Internal Audit, Sunmark FCU

John Gallagher - Director Internal Audit, SEFCU


Barry Lucas - Internal Auditor, Desco FCU (Ohio)
ACUIA Annual Conference June 2013
3

Definition
Internal Auditing is an independent, objective
assurance and consulting activity designed to
add value and improve operations.
Internal Audit helps the Credit Union accomplish its
objetives by bringing a systematic, disciplined
approach to evaluate and improve the
effectivesness of risk management, control and
governance processes.
ACUIA Annual Conference June 2013
 Define the roles and responsibilities
 Audit (Assurance Services)?
 Compliance?
 Fraud?
 Risk Management?
 Consulting?
ACUIA Annual Conference June 2013
5
 Independent and Objective
 Reporting Lines?
ACUIA Annual Conference June 2013
6
 Authorities
Internal Audit’s purpose, authority and
responsibility must be formally defined in an
internal audit charter, consistent with the
Definition of Internal Auditing, the Code of
Ethics and the Standards (STD 1000)
ACUIA Annual Conference June 2013
7
Where Do I Start?
 Charter
Documents
 Supervisory
Committee
 Internal Audit
ACUIA Annual Conference June 2013
8
Who does Audit interact with?
 Board of Directors
 Supervisory Committee
 Management
 Staff
 Examiners
 External Auditors
ACUIA Annual Conference June 2013
9
 Audit Universe
The audit universe is the sandbox in which
internal auditors play. It represents all things
(lines of business, products, services,
subsidiaries, third party vendors, and
processes) that are considered “auditable” by
internal audit.
ACUIA Annual Conference June 2013
10
Internal Audit Plan
Internal Audit must establish riskbased plans to determine Internal
Audit’s priorities , consistent with
the Credit Union’s goals. [STD 2010]
ACUIA Annual Conference June 2013
11
 Internal Audit
Plan
Internal Audit must
develop and
document a plan
for each audit
including the
audit’s objectives,
scope, timing and
resource
allocations [STD
2200]
ACUIA Conference 6/19/2012
12
 Risk Assessment
Internal Audit’s audit plan must be based on a
documented risk assessment, undertaken at
least annually [STD 2010.A1]
ACUIA Annual Conference June 2013
13

The who, what, when, and how?
Internal Auditors must communicate the results of the
audit. [STD 2400]
ACUIA Annual Conference June 2013
14

Who?
Board
Supervisory Committee
Executive Management
Department Management
ACUIA Conference 6/19/2012
15

What?
 Area Overview?
 Scope of Work?
 Audit Rating?
 Audit Findings?
 Risk and Control Deficiencies?
 Operational Inefficiencies?
 Cost Reduction Opportunities?
 Compliance Infractions
 Recommendations?
 Comments for Discussion?
ACUIA Annual Conference June 2013
16

When?
 To Management?
 Prior to Exit – Draft
 Subsequent to Exit – Final
 To Supervisory Committee?
 Subsequent to Receipt of Management Response
 To Board of Directors?
 Subsequent to Committee Acceptance and/or Approval
ACUIA Annual Conference June 2013
17

How?
In-person Discussion
Formal Presentations
Written Reports
 Synopsis
 Executive Summary
 Full Report
ACUIA Annual Conference June 2013
18
 Audit Workpapers
Audit workpapers are the documents which record
all audit evidence obtained during financial
statements auditing, internal management auditing,
information systems auditing, and investigations.
Audit working papers are used to support the audit
work done in order to provide assurance that the
audit was performed in accordance with the relevant
auditing standards.
ACUIA Annual Conference June 2013
19
 Audit Workpapers
Paper?
Paperless?
ACUIA Annual Conference June 2013
20
 Frequency?
 Attendees?
 Agenda?
 Food? (just kidding, but important!)
ACUIA Annual Conference June 2013
21
The End !!!!
ACUIA Annual Conference June 2013